A&A-04: Requirements Compliance

Control Family:

Audit & Assurance

CSF v1.1 References:

PF v1.0 References:

Control is new to this version of the control set and incorporates the following items from the previous version: GRM-01: Baseline Requirements, GRM-03: Management Oversight.

Control Statement

Verify compliance with all relevant standards, regulations, legal/contractual, and statutory requirements applicable to the audit.

Implementation Guidance

Verify compliance with all relevant standards applicable to the audit, such as:

  1. Country regulations
  2. Standards and certifications
  3. Industry sector regulations
  4. International applicable regulations such as those regarding privacy and cybersecurity

Auditing Guidance

  1. Examine the process for determining the standards and regulations applicable to the organization's systems and environments.
  2. Examine the process to determine contractual, legal, and technical requirements applicable to the organization's systems and environments.
  3. Determine if the organization maintains and reviews a list of relevant standards, regulations, legal/contractual, and statutory requirements.
  4. Determine if senior management exercises oversight over this control specification.
  5. Determine if the audit plan is informed by the list of the organization's requirements.

[csf.tools Note: For more information on the Cloud Controls Matrix, visit the CSA Cloud Controls Matrix Homepage.]

Cloud Control Matrix is Copyright 2023 Cloud Security Alliance.